Identity & Security

Azure AD MFA Migration

Migrated multiple internal applications from local Active Directory authentication to Azure AD with MFA.

Azure AD
.NET
OIDC
Custom Authentication Middleware

Overview

Several internal applications were authenticating against a local Active Directory instance with no MFA requirement. As part of a broader security posture improvement, these were migrated to Azure AD with mandatory MFA enforcement.

What I Built

  • Audited authentication flows across all affected applications to understand custom logic and dependencies
  • Implemented Azure AD OIDC integration in each .NET application, preserving existing role and permission models
  • Handled edge cases in legacy apps where authentication was tightly coupled to database lookups
  • Coordinated cutover with application owners to minimize disruption during transition
  • Updated group policies and Conditional Access rules in Azure to enforce MFA
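The OIDC integration and legacy role-preservation steps above, as an added ASP.NET Core example (not the project's own code): Azure AD handles sign-in and MFA, and after token validation the app looks the account up in its existing user store and attaches the legacy role names, so the old role-based authorization checks keep working. The `ILegacyUserStore` interface, the in-memory store, the configuration keys and the sample account are assumptions for illustration.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSingleton<ILegacyUserStore, InMemoryLegacyUserStore>(); // assumed stand-in
builder.Services.AddAuthorization();
builder.Services
    .AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(o =>
    {
        // Tenant and client values come from configuration, never from source.
        o.Authority = $"https://login.microsoftonline.com/{builder.Configuration["AzureAd:TenantId"]}/v2.0";
        o.ClientId = builder.Configuration["AzureAd:ClientId"];
        o.ClientSecret = builder.Configuration["AzureAd:ClientSecret"];
        o.ResponseType = "code";
        o.Events = new OpenIdConnectEvents
        {
            // Runs only after signature, issuer and audience checks have passed.
            OnTokenValidated = async ctx =>
            {
                var identity = (ClaimsIdentity)ctx.Principal!.Identity!;
                // UPN ties the token to the legacy record; key on the immutable "oid" once stored.
                var upn = identity.FindFirst("preferred_username")?.Value;
                var store = ctx.HttpContext.RequestServices.GetRequiredService<ILegacyUserStore>();
                var roles = upn is null ? null : await store.GetRolesByUpnAsync(upn);
                if (roles is null)
                {   // Fail closed: a valid Azure AD account with no legacy record gets no session.
                    ctx.Fail("Authenticated user has no record in the application's user store.");
                    return;
                }
                foreach (var r in roles)                              // legacy role names, so
                    identity.AddClaim(new Claim(ClaimTypes.Role, r)); // existing role checks hold
            }
        };
    });
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/admin", () => "ok").RequireAuthorization(p => p.RequireRole("Administrators"));
app.Run();

public interface ILegacyUserStore { Task<IReadOnlyList<string>?> GetRolesByUpnAsync(string upn); }
// Constructed in-memory stand-in for the legacy user/role tables the old middleware queried.
public sealed class InMemoryLegacyUserStore : ILegacyUserStore
{
    private static readonly Dictionary<string, IReadOnlyList<string>> Users =
        new(StringComparer.OrdinalIgnoreCase) { ["alice@example.com"] = new[] { "Administrators" } };
    public Task<IReadOnlyList<string>?> GetRolesByUpnAsync(string upn) =>
        Task.FromResult(Users.TryGetValue(upn, out var roles) ? roles : null);
}
```

Conditional Access in Azure AD remains the place MFA is enforced; the application-side lookup only decides which legacy roles an already-authenticated account receives.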

Challenges

The main challenge was that several older .NET applications had custom authentication middleware written years ago with no documentation. Each needed to be understood, tested, and replaced without breaking existing user roles or workflows. Some applications had hardcoded user lookups that required additional refactoring before the migration was safe to cut over.